9 matches found
CVE-2022-44595
Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass. This issue affects WP 2FA: from n/a through 2.2.0...
Cross site request forgery (csrf)
Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form...
CVE-2022-29185 Observable Timing Discrepancy in totp-rs
totp-rs is a Rust library that permits the creation of 2FA authentication tokens per time-based one-time password (TOTP). Prior to version 1.1.0, token comparison was not constant time, and could theoretically be used to guess the value of a TOTP token, and thus reuse it in the same time window. The...
CVE-2021-41129
CVE-2021-41129 affects Pterodactyl Panel. A validation flaw in the two‑factor authentication flow (LoginCheckpointController@__invoke) allows a malicious user to alter the confirmation_token to reference a cache entry containing a user_id, potentially authenticating as an arbitrary user with two‑...
WP Cerber Security < 8.9.3 - 2FA Authentication Bypass
The plugin improperly checked certain HTTP parameters leading to an administrative multi-factor authentication bypass...
DeimosC2 - A Golang Command And Control Framework For Post-Exploitation
DeimosC2 is a post-exploitation Command & Control (C2) tool that leverages multiple communication methods in order to control machines that have been compromised. DeimosC2 server and agents work on, and have been tested on, Windows, Darwin, and Linux. It is entirely written in Golang with a front e...
U.S. Dept Of Defense: Public instance of Jenkins on https://██████████/ with /script enabled
Summary: An Amazon instance was found on https://█████/ running Jenkins. On analysing the SSL certificate, I reported here to the DoD. Description: On checking the SSL certificate, the details show: Issued to and Issued By records: CN: █████ Organization (O): █████████ Organizational Unit (OU): ███...
Sim Swapping Crypto Stealing Hackers Arrested by Turkish Police
By Waqas. Eleven Turkish individuals have been arrested by the Turkish police department for stealing cryptocurrency worth approx. $80,000 via SIM swapping. Reportedly, the suspects tricked the phone providers into revealing the phone numbers of the victims and used the SIMs for performing 2FA...
Legal Robot: Lengthy manual entry of 2FA secret
Hello @team, I would like to report on an issue that users are going to face during 2FA authentication. We can see that users need to enter a 52 bit code manually for 2FA authentication, which is taking a lot of time, and it will be difficult for the user to enter the total 52 bits in the google...